It seems to me that attacks against WEP and bump keys are examples of the same problem. In either case, a determined intruder with sufficient tools and expertise is going to overcome your preventative security measures and compromise you. In my books I call this fact "prevention eventually fails." Eventual compromise is the reason I recommend detection and response, as well as insurance.

However, relying solely on WEP while the front door to your data center is propped open is no better than installing a vulnerable door lock on a shoddy frame. In those cases, addressing the popular flaw (vulnerable WEP, vulnerable door lock) still leaves many other avenues of attack open. Most opportunistic wireless intruders will pass a WEP-encrypted network for one that is wide open. Most opportunistic physical intruders will pass a locked door for one that is wide open.

In both cases, fighting the battle to address vulnerabilities is a losing cause. Removing threats by prosecuting criminals is the most effective way to reduce risk.

The thing that bothered me the most is that it is near forensically impossible to tell if someone bumped a lock vs just used the proper key. If there is no evidence of break-in there may be problems filing claims with insurance.

Schlage Primus locks are "resistant" to bumping as well. The high security locks such as the Primus and Medecos have tight restrictions on key duplication. A bit of security by obscurity, which is not always as bad as people in the security field tend to think.

One of my friends is experimenting with high weight grease and oils to try and fortify the lower security locks around his company against the bumping type attacks. It would be wonderful if something as simple as that could foil this type of attack.